Privacy Policy

Privacy Policy

Last Updated: January 2026

Welcome to Kulu ("we", "us", "our", or "Company"). We are committed to protecting your data and privacy. This Privacy Policy explains how we handle your personal data when you use the Kulu Portal, Kulu Meet, and related services (together, the "Services").

Data We Process

Kulu processes only the data necessary to operate Kulu Portal and Kulu Meet effectively.

Account & Identification Data

• Email address
• Name
• Organization name and details
• Login credentials and access tokens

Used to authenticate you and secure your account.

Kulu Meet — Voice & Screen Sharing Data

When you participate in a meeting using Kulu Meet, we process:

Voice & Transcription

• Audio you speak into your microphone
• Speech-to-text transcripts
• AI-generated responses

Used to deliver real-time onboarding guidance.

Screen Sharing Data

When you choose to share your screen, we may process:

• visual content from the shared screen

We do not store continuous video streams, images, or screenshots. Screen content is processed in real-time only to support contextual guidance and is not retained.

Knowledge Base Content

If your organisation uploads documents to Kulu Portal (e.g., onboarding guides), we process:

• file contents
• extracted text
• generated embeddings

This allows the AI assistant to use your organisation's knowledge during meetings.

Chat & Interaction Data

• User questions
• AI assistant responses
• Timestamps and interaction metadata

Used to provide contextual responses and improve meeting continuity.

Technical & Operational Data

• Browser type, OS, device information
• API logs
• Performance metrics

Used to maintain reliability, security, and service stability.

How We Use Your Data

We use your data to:

• operate and improve Kulu Portal and Kulu Meet
• provide real-time AI onboarding (voice, screen awareness, contextual guidance)
• personalise your experience based on organisation and meeting context
• authenticate accounts and prevent misuse
• monitor performance and diagnose issues
• deliver billing and subscription services
• send essential service notifications
• send optional product updates (you may unsubscribe at any time)
• run aggregated or anonymised analytics to improve service quality

We do not use your voice recordings, transcripts, or meeting data to train AI models. Voice data is processed solely to ensure product stability and deliver real-time onboarding guidance. We do not sell identifiable data or share it with marketers.

Data Security

We implement appropriate security measures to protect your data:

Encryption

• In Transit – All data transmitted to and from our services is encrypted using TLS 1.2 or higher
• At Rest – Sensitive data is encrypted at rest using industry-standard encryption algorithms

Access Controls

• Authentication – Secure authentication mechanisms for all user accounts
• Authorization – Role-based access control (RBAC) ensures users only access data they need
• Audit Logging – All access to sensitive data is logged and monitored

Infrastructure Security

• Network Security – Firewalls, intrusion detection, and DDoS protection
• Regular Updates – Timely patching and updates of all systems
• Vulnerability Management – Periodic security reviews

Data Storage

All personal data is stored securely within our managed cloud infrastructure. Screen-sharing data is processed in real time and is not retained as continuous video. Data transmission is encrypted using HTTPS.

Data Retention

We retain personal data only for as long as necessary to deliver and maintain our Services, or as required by applicable law.

Audio Recording Retention

Audio recordings from Kulu Meet sessions are automatically deleted after 30 days. This deletion is automated to ensure compliance with data retention policies.

Transcripts and meeting metadata may be retained longer for service continuity and support purposes.

Other Data

Some records (for example, access logs or billing invoices) may be retained for a limited period to meet security, compliance, and accounting obligations. You can request deletion of your data at any time by contacting support@heykulu.ai.

Billing and Fraud Prevention Data

Payment data is processed by Stripe. Kulu does not store full card numbers.

We receive limited billing information such as:

• subscription plan
• payment method type
• billing cycle
• charge outcomes and retry attempts

Used to operate billing, prevent misuse, and ensure account continuity.

Stripe processes payment information according to its own Privacy Policy.

Your Rights

Depending on your jurisdiction, you may have the right to:

• access your personal data
• correct inaccurate information
• request deletion
• request a copy of your data

To exercise these rights, please contact us at support@heykulu.ai.

Data Processing Agreement (DPA)

For organizations requiring a Data Processing Agreement, we provide a comprehensive DPA document that outlines data processing terms and security commitments. Download DPA (PDF) In the event of any inconsistency between this Privacy Policy and the DPA, the DPA shall prevail for data-processing matters.

Authorized Sub-processors

Kulu engages third-party service providers (sub-processors) to deliver and maintain our services. We ensure that all sub-processors have data protection obligations substantially similar to those in our Data Processing Agreement and are bound by contractual commitments to protect your data.

Sub-processors List

We require all sub-processors to maintain appropriate privacy and security obligations.

We may update this list as our services evolve.

Contact Us

If you have questions about this Privacy Policy or any privacy matters:

📧 Email: support@heykulu.ai

We are committed to working with you to resolve any privacy concerns.